PCI-DSS compliance requires that every individual user have a strong password. In addition to having a strong password, the user must change their password every 90 days.
The requirements for a strong password are:
- Must be at least seven characters long
- Must contain at least one upper case letter
- Must contain at least one lower case letter
- Must contain at least one number
- Must contain at least one special character such as #, !, ?, ^, or @.
- Cannot contain the User ID
- Must expire every 90 days
- Must be different from previous passwords
** Note: Some special characters should be avoided as they may not work. Those are * (asterisk), % (percent sign), & (ampersand), + (plus), and space (space bar).
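
The rules above, including the note on characters to avoid, can be enforced at password-change time. The following is an added example, not code from this page or from PCI-DSS; the function and rule names are hypothetical. It assumes that any ASCII punctuation outside the avoided set counts as a special character, that previous passwords are stored as salted PBKDF2 digests, and that a password is expired once 90 full days have passed.

```python
import hashlib
import hmac
import string
from datetime import date, timedelta

# All names below are hypothetical, chosen for this added example.
MIN_LENGTH = 7
MAX_AGE = timedelta(days=90)
AVOID = set("*%&+ ")                       # characters the note says may not work
SPECIAL = set(string.punctuation) - AVOID  # assumption: ASCII punctuation counts as special


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest, so password history is never kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def policy_violations(password, user_id, history=()):
    """Return the names of the rules the candidate breaks (empty list = acceptable).

    history is an iterable of (salt, digest) pairs for the user's previous passwords.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isupper() for c in password):
        problems.append("no_upper")
    if not any(c.islower() for c in password):
        problems.append("no_lower")
    if not any(c.isdigit() for c in password):
        problems.append("no_number")
    if not any(c in SPECIAL for c in password):
        problems.append("no_special")
    if any(c in AVOID for c in password):
        problems.append("avoided_character")
    # Case-insensitive, so "JSmith" inside the password still matches user ID "jsmith".
    if user_id and user_id.lower() in password.lower():
        problems.append("contains_user_id")
    if any(hmac.compare_digest(hash_password(password, salt), digest)
           for salt, digest in history):
        problems.append("reused")
    return problems


def is_expired(last_changed: date, today: date) -> bool:
    """Assumption: the password counts as expired once 90 full days have passed."""
    return today - last_changed >= MAX_AGE
```

Returning every broken rule at once lets the change form tell the user everything to fix in a single attempt.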